{"width":"100%","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fgfx.hatenablog.com%2Fentry%2F2017%2F08%2F02%2F131537\" title=\"npmjs.com \u3067\u8457\u540d\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306b\u3088\u304f\u4f3c\u305f\u540d\u524d\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u5927\u91cf\u306b\u767a\u898b\u3055\u308c\u305f - Islands in the byte stream\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","title":"npmjs.com \u3067\u8457\u540d\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306b\u3088\u304f\u4f3c\u305f\u540d\u524d\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u5927\u91cf\u306b\u767a\u898b\u3055\u308c\u305f","provider_url":"https://hatena.blog","categories":[],"blog_title":"Islands in the byte stream","height":"190","published":"2017-08-02 13:15:37","type":"rich","image_url":null,"provider_name":"Hatena Blog","author_url":"https://blog.hatena.ne.jp/gfx/","author_name":"gfx","blog_url":"https://gfx.hatenablog.com/","version":"1.0","description":"Malicious packages in npm. Here\u2019s what to do | Ivan Akulov\u2019s blog People found malicious packages in npm that work like real ones, are named similarly real ones, but collect and send your process environment to a third-party server when you install them \u8a33: \u60aa\u610f\u306e\u3042\u308b\u30d1\u30c3\u30b1\u30fc\u30b8\u304cnpm\u3067\u767a\u898b\u3055\u308c\u305f\u3002\u305d\u308c\u3089\u306f\u3001\u5b9f\u969b\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u306b\u3088\u304f\u4f3c\u305f\u540d\u524d\u3067\u540c\u2026","url":"https://gfx.hatenablog.com/entry/2017/08/02/131537"}